NixOS Wiki

Install NixOS on Hetzner Online: Difference between revisions

← Older edit
Visual
imported>Onny
mNo edit summary
Klinger (talk | contribs)
trusted
872 edits
 
(14 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{Tip|This article is about installing NixOS on Hetzner Online, which provides dedicated bare-metal servers. It is not to be confused with Hetzner Cloud, which provides VPS cloud servers.}}
{{Note|This article is about installing NixOS on Hetzner Online, which provides dedicated bare-metal servers. It is not to be confused with [[Install_NixOS_on_Hetzner_Cloud|Hetzner Cloud]], which provides VPS cloud servers.}}


== Installation ==
== Installation ==
Line 5: Line 5:
There are three ways at the time to install NixOS on Hetzner dedicated:
There are three ways at the time to install NixOS on Hetzner dedicated:


# From Hetzner's rescue image one can boot into the nixos installer using a custom kexec image that is configured with the fixed IPv6 provided by Hetzner and also contain your ssh key. Tip: The kexec tarball as generated by [https://github.com/nix-community/nixos-generators nixos-generators] can remain put into the /boot partition for future use.  
# From Hetzner's rescue image, one can boot into the nixos installer using a custom kexec image that is configured with the fixed IPv6 provided by Hetzner and also contain your ssh key. Tip: The kexec tarball as generated by [https://github.com/nix-community/nixos-generators nixos-generators] can remain put into the /boot partition for future use.  
# Hetzner also provides an interface to upload your own ISO-images. Also here you may want to build your own iso-image, which has openssh with ssh keys due the lack of a remote console.  
# Hetzner also provides an interface to upload your own ISO-images. Also, here you may want to build your own iso-image, which has openssh with ssh keys due the lack of a remote console.  
# An easier method to install NixOS on Hetzner, is to use the existing integration into NixOps.
# An easier method to install NixOS on Hetzner, is to use the existing integration into NixOps.
# An example to install NixOS in the Hetzner rescue mode, including full RAID partitioning, is available [https://github.com/nix-community/nixos-install-scripts/blob/master/hosters/hetzner-dedicated/hetzner-dedicated-wipe-and-install-nixos.sh here].
# An example to install NixOS in the Hetzner rescue mode, including full RAID partitioning, is available [https://github.com/nix-community/nixos-install-scripts/blob/master/hosters/hetzner-dedicated/hetzner-dedicated-wipe-and-install-nixos.sh here].
Line 12: Line 12:
== Network configuration ==
== Network configuration ==


From Hetzner's [https://accounts.hetzner.com/login web interface], one can obtain both ipv4/ipv6 addresses and gateways.
Hetzner Online offers both IPv4 (usually in a shared /26 or /27 subnet) and IPv6 (/64 subnet) connectivity to each machine. The assigned addresses can be looked up on the [https://robot.hetzner.com/server Hetzner Robot] on the IPs tab of a machine. The public IPv4 address of the server can automatically be obtained via DHCP. For IPv6 you have to statically configure both address and gateway.
Hetzner does announce ipv6 addresses servers, so you need to assign those statically.
In this example we use networkd to configure the interface. The same configuration can be used for both
the kexec installation image and the final server configuration.


<syntaxHighlight lang=nix>
<syntaxhighlight lang="nix">
{ ... }: {
{
  # This make sure that our interface is named `eth0`.
  # This should be ok as long as you don't have multiple physical network cards
  # For multiple cards one could add a netdev unit to rename the interface based on the mac address
  networking.usePredictableInterfaceNames = false;
   systemd.network = {
   systemd.network = {
     enable = true;
     enable = true;
     networks."eth0".extraConfig = ''
     networks.default = {
       [Match]
       name = "enp1s0"; # The name of the interface
       Name = eth0
       DHCP = "ipv4";
       [Network]
       addresses = [  
      # Add your own assigned ipv6 subnet here here!
        {
      Address = 2a01:4f9:ffff::1/64
          # Replace the address with the one assigned to your machine
       Gateway = fe80::1
          Address = "2a01:4f8:AAAA:BBBB::1/64";
       # optionally you can do the same for ipv4 and disable DHCP (networking.dhcpcd.enable = false;)
        }
      # Address =  144.x.x.x/26
       ];
      # Gateway = 144.x.x.1
      gateway = [ "fe80::1" ];
     '';
       linkConfig.RequiredForOnline = "routable";
     };
   };
   };
}
}
</syntaxHighlight>
</syntaxhighlight>


Another possibility is to use <code>networking.interfaces</code>:
=== Static IPv4 configuration ===
<syntaxHighlight lang=nix>
Since the IPv4 network configuration is known, it can also be configured statically, preventing reliance on the DHCP service. The gateway and subnet information is visible when hovering the IPv4 address. The subnet size is usually a /26 (<code>255.255.255.224</code>) or a /27 (<code>255.255.255.192</code>).<syntaxhighlight lang="nix">
let
{
   external-mac = "00:11:22:33:44:55";
   systemd.network = {
  ext-if = "et0";
    enable = true;
  external-ip = "144.x.x.x";
    networks."30-wan" = {
  external-gw = "144.x.x.255";
      name = "enp1s0"; # The predictable name of the network interface
  external-ip6 = "2a01:XXXX:XXXX::1";
      DHCP = "no";
  external-gw6 = "fe80::1";
      addresses = [
  external-netmask = 27;
        # Replace the addresses with the ones assigned to your machine
  external-netmask6 = 64;
        {
in {
          Address = "A.B.C.D/26";
  # rename the external interface based on the MAC of the interface
        }
  services.udev.extraRules = ''SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"'';
        {
  networking = {
          Address = "2a01:4f8:AAAA:BBBB::1/64";
    interfaces."${ext-if}" = {
         }
      ipv4.addresses = [{
       ];
        address = external-ip;
       gateway = [
         prefixLength = external-netmask;
         # Replace the gateway address with the one in your subnet
       }];
        "A.B.C.E"
       ipv6.addresses = [{
         "fe80::1"
         address = external-ip6;
       ];
         prefixLength = external-netmask6;
       linkConfig.RequiredForOnline = "routable";
       }];
    };
    defaultGateway6 = {
       address = external-gw6;
      interface = ext-if;
     };
     };
    defaultGateway = external-gw;
   };
   };
}
}
</syntaxHighlight>
</syntaxhighlight>


== Bootstrap from the Rescue System ==
== Bootstrap from the Rescue System ==
Line 87: Line 75:
The main principle is that we will go from: Rescue system, install Nix, kexec into a NixOS system, finally install the system.
The main principle is that we will go from: Rescue system, install Nix, kexec into a NixOS system, finally install the system.


First, reboot the machine in Rescue mode. Make sure to select your SSH public key. SSH into the machine:
First, reboot the machine in Rescue mode. Note that just enabling Rescue mode from the dashboard doesn't immediately reboot so make sure to power cycle the server. The Rescue mode runs from a RAM disk, so make also sure that you have enough RAM. Temporarily rescaling to 32 GiB of RAM (the RAM disk will be half of the available RAM) during the bootstrapping process helps. Make sure to select your SSH public key. SSH into the machine:
 
You can skip the entire next part by using https://github.com/nix-community/nixos-images#kexec-tarballs


<syntaxHighlight lang=bash>
<syntaxHighlight lang=bash>
# The installer needs sudo
apt install -y sudo
# Let root run the nix installer
# Let root run the nix installer
mkdir -p /etc/nix
mkdir -p /etc/nix
Line 100: Line 93:
# Install nixos-generators
# Install nixos-generators
# This might take a while, so the verbose flag `-v` is included to monitor progress
# This might take a while, so the verbose flag `-v` is included to monitor progress
nix-env -f https://github.com/nix-community/nixos-generators/archive/master.tar.gz -i -v
nix-env -f https://github.com/nix-community/nixos-generators/archive/1.7.0.tar.gz -i -v


# Create a initial config, just to kexec into
# Create a initial config, just to kexec into
Line 120: Line 113:
</syntaxHighlight>
</syntaxHighlight>


At this point the shell should stop responding. Kill the shell and ssh back into the machine. The server public key will have changed.
At this point, the shell should stop responding. Kill the shell and ssh back into the machine. The server public key will have changed.


<syntaxHighlight lang=bash>
<syntaxHighlight lang=bash>
Line 132: Line 125:


# In this particular machine we have two NVMe disks
# In this particular machine we have two NVMe disks
# If your machine has > 2TB drives, open a ticket and ask for UEFI boot, it will save you a lot of hassle
format /dev/nvme0n1
format /dev/nvme0n1
format /dev/nvme1n1
format /dev/nvme1n1
Line 151: Line 145:


At this point, edit the /mnt/etc/nixos/configuration.nix and tune as needed. I just added the following lines:
At this point, edit the /mnt/etc/nixos/configuration.nix and tune as needed. I just added the following lines:
<syntaxHighlight>
<syntaxHighlight lang=nix>
boot.loader.grub.device = "/dev/nvme0n1";
boot.loader.grub.device = "/dev/nvme0n1";
services.openssh.enable = true;
services.openssh.enable = true;
Line 163: Line 157:
Voila! (after 1000 steps)
Voila! (after 1000 steps)


[[Category:Cookbook]]
[[Category:Server]]
[[Category:Server]]
[[Category:Deployment]]
Retrieved from "https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Online"